CVE-2022-41217
via "National Vulnerability Database".
Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.
CVE-2022-41216
via "National Vulnerability Database".
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system.
Xcitium Brings 'Zero Dwell' Capability to Legacy EDR Platforms
via "Dark Reading".
BLOOMFIELD, N.J., Feb. 21, 2023 (GLOBE NEWSWIRE) -- Xcitium, a security platform provider focused on preventing damage caused by Malware, today announced availability of its advanced endpoint security solution, ZeroDwell Containment, for customers with or…
CVE-2023-23063
via "National Vulnerability Database".
Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure.
Phishing Fears Ramp Up on Email, Collaboration Platforms
via "Dark Reading".
It's a banner year for attacks coming through traditional email as well as newer collaboration technologies, such as Slack and Microsoft Teams. What's next?
Google Delivers Record-Breaking $12M in Bug Bounties
via "Dark Reading".
Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.
Headwinds Don't Have to Be a Drag on Your Security Effectiveness
via "Dark Reading".
Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.
CVE-2022-43870
via "National Vulnerability Database".
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.
CVE-2022-41566
via "National Vulnerability Database".
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.
CVE-2023-23040
via "National Vulnerability Database".
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.
CVE-2022-43873
via "National Vulnerability Database".
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.
CVE-2023-23039
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().
CVE-2022-41567
via "National Vulnerability Database".
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
CVE-2023-0960
via "National Vulnerability Database".
A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.
CVE-2022-41565
via "National Vulnerability Database".
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.
CVE-2023-26214
via "National Vulnerability Database".
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
CVE-2022-43578
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683.
NPM JavaScript packages abused to create scambait links in bulk
via "Naked Security".
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Coinbase breached by social engineers, employee data stolen
via "Naked Security".
Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...
US Military Emails Exposed via Cloud Account
via "Dark Reading".
A DoD email server hosted in the cloud (and now secured) had no password protection in place for at least two weeks.
CVE-2023-0933
via "National Vulnerability Database".
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)